Clubhouse – the invite-only audio app best known for courting everyone from Elon Musk for Mark Zuckerberg—Promised to implement new safeguards after suffering its second high-profile security mess this month.
On Sunday, a Clubhouse spokesman confirmed for Bloomberg that an unidentified user in the app was able to bypass audio streams from “multiple rooms” and stream them to a third party website owned by that user. This news came to light after security researcher Robert Porter tweeted screenshots of the website in question. He stressed that, although the room scraper in this case did not appear to have any malice in mind, the feat was certainly available to “more nefarious actors”.
The Clubhouse team told Bloomberg that the user behind the audio capture was “permanently banned” from the platform and that he was installing certain “safeguards” to prevent this type of room recording from falling into the wrong hands again. That said, the company declined to tell Bloomberg what those specific safeguards were.
This does not necessarily bode well for people who may be concerned about the privacy of their Clubhouse chats. Of course, the account behind the project can be banned and it is possible that this specific exploit used to siphon audio will no longer work. The company still has to deal with the 300 other open source projects currently trying to access the platform. And that number is growing every day.
G / O Media can receive a commission
Not to mention that this story is happening just a week after the Stanford Internet Observatory launched a bombastic report implying that some user data – including raw audio feeds – was processed with the help of the Shanghai-based startup Agora, which had the ability to intercept that audio and store it for its own purposes. How the Trump administration taken against TikTok we teach all of us, data stored on Mainland China soil is subject to certain national cybersecurity laws that dictate that Chinese authorities can freely access that data if they are considered a threat to national security.
Considering how the Clubhouse became a huge success in China because citizens were under the impression that the app was beyond reach from state surveillance, you can imagine why last week’s revelation may have had a scary effect. And while the Clubhouse at the time promised that it was “deeply committed to data protection and user privacy,” the latter security issue raises questions about how far that commitment really goes.
We’ve contacted the Clubhouse about this weekend’s security incident and will update here when we have a response.